builtin / receive-pack.con commit help: release strbuf on error return in exec_woman_emacs() (bad0e2c)
   1#include "builtin.h"
   2#include "config.h"
   3#include "lockfile.h"
   4#include "pack.h"
   5#include "refs.h"
   6#include "pkt-line.h"
   7#include "sideband.h"
   8#include "run-command.h"
   9#include "exec_cmd.h"
  10#include "commit.h"
  11#include "object.h"
  12#include "remote.h"
  13#include "connect.h"
  14#include "transport.h"
  15#include "string-list.h"
  16#include "sha1-array.h"
  17#include "connected.h"
  18#include "argv-array.h"
  19#include "version.h"
  20#include "tag.h"
  21#include "gpg-interface.h"
  22#include "sigchain.h"
  23#include "fsck.h"
  24#include "tmp-objdir.h"
  25#include "oidset.h"
  26#include "packfile.h"
  27
  28static const char * const receive_pack_usage[] = {
  29        N_("git receive-pack <git-dir>"),
  30        NULL
  31};
  32
  33enum deny_action {
  34        DENY_UNCONFIGURED,
  35        DENY_IGNORE,
  36        DENY_WARN,
  37        DENY_REFUSE,
  38        DENY_UPDATE_INSTEAD
  39};
  40
  41static int deny_deletes;
  42static int deny_non_fast_forwards;
  43static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  44static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  45static int receive_fsck_objects = -1;
  46static int transfer_fsck_objects = -1;
  47static struct strbuf fsck_msg_types = STRBUF_INIT;
  48static int receive_unpack_limit = -1;
  49static int transfer_unpack_limit = -1;
  50static int advertise_atomic_push = 1;
  51static int advertise_push_options;
  52static int unpack_limit = 100;
  53static off_t max_input_size;
  54static int report_status;
  55static int use_sideband;
  56static int use_atomic;
  57static int use_push_options;
  58static int quiet;
  59static int prefer_ofs_delta = 1;
  60static int auto_update_server_info;
  61static int auto_gc = 1;
  62static int reject_thin;
  63static int stateless_rpc;
  64static const char *service_dir;
  65static const char *head_name;
  66static void *head_name_to_free;
  67static int sent_capabilities;
  68static int shallow_update;
  69static const char *alt_shallow_file;
  70static struct strbuf push_cert = STRBUF_INIT;
  71static unsigned char push_cert_sha1[20];
  72static struct signature_check sigcheck;
  73static const char *push_cert_nonce;
  74static const char *cert_nonce_seed;
  75
  76static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  77static const char *NONCE_BAD = "BAD";
  78static const char *NONCE_MISSING = "MISSING";
  79static const char *NONCE_OK = "OK";
  80static const char *NONCE_SLOP = "SLOP";
  81static const char *nonce_status;
  82static long nonce_stamp_slop;
  83static timestamp_t nonce_stamp_slop_limit;
  84static struct ref_transaction *transaction;
  85
  86static enum {
  87        KEEPALIVE_NEVER = 0,
  88        KEEPALIVE_AFTER_NUL,
  89        KEEPALIVE_ALWAYS
  90} use_keepalive;
  91static int keepalive_in_sec = 5;
  92
  93static struct tmp_objdir *tmp_objdir;
  94
  95static enum deny_action parse_deny_action(const char *var, const char *value)
  96{
  97        if (value) {
  98                if (!strcasecmp(value, "ignore"))
  99                        return DENY_IGNORE;
 100                if (!strcasecmp(value, "warn"))
 101                        return DENY_WARN;
 102                if (!strcasecmp(value, "refuse"))
 103                        return DENY_REFUSE;
 104                if (!strcasecmp(value, "updateinstead"))
 105                        return DENY_UPDATE_INSTEAD;
 106        }
 107        if (git_config_bool(var, value))
 108                return DENY_REFUSE;
 109        return DENY_IGNORE;
 110}
 111
 112static int receive_pack_config(const char *var, const char *value, void *cb)
 113{
 114        int status = parse_hide_refs_config(var, value, "receive");
 115
 116        if (status)
 117                return status;
 118
 119        if (strcmp(var, "receive.denydeletes") == 0) {
 120                deny_deletes = git_config_bool(var, value);
 121                return 0;
 122        }
 123
 124        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 125                deny_non_fast_forwards = git_config_bool(var, value);
 126                return 0;
 127        }
 128
 129        if (strcmp(var, "receive.unpacklimit") == 0) {
 130                receive_unpack_limit = git_config_int(var, value);
 131                return 0;
 132        }
 133
 134        if (strcmp(var, "transfer.unpacklimit") == 0) {
 135                transfer_unpack_limit = git_config_int(var, value);
 136                return 0;
 137        }
 138
 139        if (strcmp(var, "receive.fsck.skiplist") == 0) {
 140                const char *path;
 141
 142                if (git_config_pathname(&path, var, value))
 143                        return 1;
 144                strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
 145                        fsck_msg_types.len ? ',' : '=', path);
 146                free((char *)path);
 147                return 0;
 148        }
 149
 150        if (skip_prefix(var, "receive.fsck.", &var)) {
 151                if (is_valid_msg_type(var, value))
 152                        strbuf_addf(&fsck_msg_types, "%c%s=%s",
 153                                fsck_msg_types.len ? ',' : '=', var, value);
 154                else
 155                        warning("Skipping unknown msg id '%s'", var);
 156                return 0;
 157        }
 158
 159        if (strcmp(var, "receive.fsckobjects") == 0) {
 160                receive_fsck_objects = git_config_bool(var, value);
 161                return 0;
 162        }
 163
 164        if (strcmp(var, "transfer.fsckobjects") == 0) {
 165                transfer_fsck_objects = git_config_bool(var, value);
 166                return 0;
 167        }
 168
 169        if (!strcmp(var, "receive.denycurrentbranch")) {
 170                deny_current_branch = parse_deny_action(var, value);
 171                return 0;
 172        }
 173
 174        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 175                deny_delete_current = parse_deny_action(var, value);
 176                return 0;
 177        }
 178
 179        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 180                prefer_ofs_delta = git_config_bool(var, value);
 181                return 0;
 182        }
 183
 184        if (strcmp(var, "receive.updateserverinfo") == 0) {
 185                auto_update_server_info = git_config_bool(var, value);
 186                return 0;
 187        }
 188
 189        if (strcmp(var, "receive.autogc") == 0) {
 190                auto_gc = git_config_bool(var, value);
 191                return 0;
 192        }
 193
 194        if (strcmp(var, "receive.shallowupdate") == 0) {
 195                shallow_update = git_config_bool(var, value);
 196                return 0;
 197        }
 198
 199        if (strcmp(var, "receive.certnonceseed") == 0)
 200                return git_config_string(&cert_nonce_seed, var, value);
 201
 202        if (strcmp(var, "receive.certnonceslop") == 0) {
 203                nonce_stamp_slop_limit = git_config_ulong(var, value);
 204                return 0;
 205        }
 206
 207        if (strcmp(var, "receive.advertiseatomic") == 0) {
 208                advertise_atomic_push = git_config_bool(var, value);
 209                return 0;
 210        }
 211
 212        if (strcmp(var, "receive.advertisepushoptions") == 0) {
 213                advertise_push_options = git_config_bool(var, value);
 214                return 0;
 215        }
 216
 217        if (strcmp(var, "receive.keepalive") == 0) {
 218                keepalive_in_sec = git_config_int(var, value);
 219                return 0;
 220        }
 221
 222        if (strcmp(var, "receive.maxinputsize") == 0) {
 223                max_input_size = git_config_int64(var, value);
 224                return 0;
 225        }
 226
 227        return git_default_config(var, value, cb);
 228}
 229
 230static void show_ref(const char *path, const struct object_id *oid)
 231{
 232        if (sent_capabilities) {
 233                packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
 234        } else {
 235                struct strbuf cap = STRBUF_INIT;
 236
 237                strbuf_addstr(&cap,
 238                              "report-status delete-refs side-band-64k quiet");
 239                if (advertise_atomic_push)
 240                        strbuf_addstr(&cap, " atomic");
 241                if (prefer_ofs_delta)
 242                        strbuf_addstr(&cap, " ofs-delta");
 243                if (push_cert_nonce)
 244                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 245                if (advertise_push_options)
 246                        strbuf_addstr(&cap, " push-options");
 247                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 248                packet_write_fmt(1, "%s %s%c%s\n",
 249                             oid_to_hex(oid), path, 0, cap.buf);
 250                strbuf_release(&cap);
 251                sent_capabilities = 1;
 252        }
 253}
 254
 255static int show_ref_cb(const char *path_full, const struct object_id *oid,
 256                       int flag, void *data)
 257{
 258        struct oidset *seen = data;
 259        const char *path = strip_namespace(path_full);
 260
 261        if (ref_is_hidden(path, path_full))
 262                return 0;
 263
 264        /*
 265         * Advertise refs outside our current namespace as ".have"
 266         * refs, so that the client can use them to minimize data
 267         * transfer but will otherwise ignore them.
 268         */
 269        if (!path) {
 270                if (oidset_insert(seen, oid))
 271                        return 0;
 272                path = ".have";
 273        } else {
 274                oidset_insert(seen, oid);
 275        }
 276        show_ref(path, oid);
 277        return 0;
 278}
 279
 280static void show_one_alternate_ref(const char *refname,
 281                                   const struct object_id *oid,
 282                                   void *data)
 283{
 284        struct oidset *seen = data;
 285
 286        if (oidset_insert(seen, oid))
 287                return;
 288
 289        show_ref(".have", oid);
 290}
 291
 292static void write_head_info(void)
 293{
 294        static struct oidset seen = OIDSET_INIT;
 295
 296        for_each_ref(show_ref_cb, &seen);
 297        for_each_alternate_ref(show_one_alternate_ref, &seen);
 298        oidset_clear(&seen);
 299        if (!sent_capabilities)
 300                show_ref("capabilities^{}", &null_oid);
 301
 302        advertise_shallow_grafts(1);
 303
 304        /* EOF */
 305        packet_flush(1);
 306}
 307
 308struct command {
 309        struct command *next;
 310        const char *error_string;
 311        unsigned int skip_update:1,
 312                     did_not_exist:1;
 313        int index;
 314        struct object_id old_oid;
 315        struct object_id new_oid;
 316        char ref_name[FLEX_ARRAY]; /* more */
 317};
 318
 319static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 320static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 321
 322static void report_message(const char *prefix, const char *err, va_list params)
 323{
 324        int sz;
 325        char msg[4096];
 326
 327        sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
 328        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 329        if (sz > (sizeof(msg) - 1))
 330                sz = sizeof(msg) - 1;
 331        msg[sz++] = '\n';
 332
 333        if (use_sideband)
 334                send_sideband(1, 2, msg, sz, use_sideband);
 335        else
 336                xwrite(2, msg, sz);
 337}
 338
 339static void rp_warning(const char *err, ...)
 340{
 341        va_list params;
 342        va_start(params, err);
 343        report_message("warning: ", err, params);
 344        va_end(params);
 345}
 346
 347static void rp_error(const char *err, ...)
 348{
 349        va_list params;
 350        va_start(params, err);
 351        report_message("error: ", err, params);
 352        va_end(params);
 353}
 354
 355static int copy_to_sideband(int in, int out, void *arg)
 356{
 357        char data[128];
 358        int keepalive_active = 0;
 359
 360        if (keepalive_in_sec <= 0)
 361                use_keepalive = KEEPALIVE_NEVER;
 362        if (use_keepalive == KEEPALIVE_ALWAYS)
 363                keepalive_active = 1;
 364
 365        while (1) {
 366                ssize_t sz;
 367
 368                if (keepalive_active) {
 369                        struct pollfd pfd;
 370                        int ret;
 371
 372                        pfd.fd = in;
 373                        pfd.events = POLLIN;
 374                        ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
 375
 376                        if (ret < 0) {
 377                                if (errno == EINTR)
 378                                        continue;
 379                                else
 380                                        break;
 381                        } else if (ret == 0) {
 382                                /* no data; send a keepalive packet */
 383                                static const char buf[] = "0005\1";
 384                                write_or_die(1, buf, sizeof(buf) - 1);
 385                                continue;
 386                        } /* else there is actual data to read */
 387                }
 388
 389                sz = xread(in, data, sizeof(data));
 390                if (sz <= 0)
 391                        break;
 392
 393                if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
 394                        const char *p = memchr(data, '\0', sz);
 395                        if (p) {
 396                                /*
 397                                 * The NUL tells us to start sending keepalives. Make
 398                                 * sure we send any other data we read along
 399                                 * with it.
 400                                 */
 401                                keepalive_active = 1;
 402                                send_sideband(1, 2, data, p - data, use_sideband);
 403                                send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
 404                                continue;
 405                        }
 406                }
 407
 408                /*
 409                 * Either we're not looking for a NUL signal, or we didn't see
 410                 * it yet; just pass along the data.
 411                 */
 412                send_sideband(1, 2, data, sz, use_sideband);
 413        }
 414        close(in);
 415        return 0;
 416}
 417
 418#define HMAC_BLOCK_SIZE 64
 419
 420static void hmac_sha1(unsigned char *out,
 421                      const char *key_in, size_t key_len,
 422                      const char *text, size_t text_len)
 423{
 424        unsigned char key[HMAC_BLOCK_SIZE];
 425        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 426        unsigned char k_opad[HMAC_BLOCK_SIZE];
 427        int i;
 428        git_SHA_CTX ctx;
 429
 430        /* RFC 2104 2. (1) */
 431        memset(key, '\0', HMAC_BLOCK_SIZE);
 432        if (HMAC_BLOCK_SIZE < key_len) {
 433                git_SHA1_Init(&ctx);
 434                git_SHA1_Update(&ctx, key_in, key_len);
 435                git_SHA1_Final(key, &ctx);
 436        } else {
 437                memcpy(key, key_in, key_len);
 438        }
 439
 440        /* RFC 2104 2. (2) & (5) */
 441        for (i = 0; i < sizeof(key); i++) {
 442                k_ipad[i] = key[i] ^ 0x36;
 443                k_opad[i] = key[i] ^ 0x5c;
 444        }
 445
 446        /* RFC 2104 2. (3) & (4) */
 447        git_SHA1_Init(&ctx);
 448        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 449        git_SHA1_Update(&ctx, text, text_len);
 450        git_SHA1_Final(out, &ctx);
 451
 452        /* RFC 2104 2. (6) & (7) */
 453        git_SHA1_Init(&ctx);
 454        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 455        git_SHA1_Update(&ctx, out, 20);
 456        git_SHA1_Final(out, &ctx);
 457}
 458
 459static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
 460{
 461        struct strbuf buf = STRBUF_INIT;
 462        unsigned char sha1[20];
 463
 464        strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
 465        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 466        strbuf_release(&buf);
 467
 468        /* RFC 2104 5. HMAC-SHA1-80 */
 469        strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
 470        return strbuf_detach(&buf, NULL);
 471}
 472
 473/*
 474 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 475 * after dropping "_commit" from its name and possibly moving it out
 476 * of commit.c
 477 */
 478static char *find_header(const char *msg, size_t len, const char *key,
 479                         const char **next_line)
 480{
 481        int key_len = strlen(key);
 482        const char *line = msg;
 483
 484        while (line && line < msg + len) {
 485                const char *eol = strchrnul(line, '\n');
 486
 487                if ((msg + len <= eol) || line == eol)
 488                        return NULL;
 489                if (line + key_len < eol &&
 490                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 491                        int offset = key_len + 1;
 492                        if (next_line)
 493                                *next_line = *eol ? eol + 1 : eol;
 494                        return xmemdupz(line + offset, (eol - line) - offset);
 495                }
 496                line = *eol ? eol + 1 : NULL;
 497        }
 498        return NULL;
 499}
 500
 501static const char *check_nonce(const char *buf, size_t len)
 502{
 503        char *nonce = find_header(buf, len, "nonce", NULL);
 504        timestamp_t stamp, ostamp;
 505        char *bohmac, *expect = NULL;
 506        const char *retval = NONCE_BAD;
 507
 508        if (!nonce) {
 509                retval = NONCE_MISSING;
 510                goto leave;
 511        } else if (!push_cert_nonce) {
 512                retval = NONCE_UNSOLICITED;
 513                goto leave;
 514        } else if (!strcmp(push_cert_nonce, nonce)) {
 515                retval = NONCE_OK;
 516                goto leave;
 517        }
 518
 519        if (!stateless_rpc) {
 520                /* returned nonce MUST match what we gave out earlier */
 521                retval = NONCE_BAD;
 522                goto leave;
 523        }
 524
 525        /*
 526         * In stateless mode, we may be receiving a nonce issued by
 527         * another instance of the server that serving the same
 528         * repository, and the timestamps may not match, but the
 529         * nonce-seed and dir should match, so we can recompute and
 530         * report the time slop.
 531         *
 532         * In addition, when a nonce issued by another instance has
 533         * timestamp within receive.certnonceslop seconds, we pretend
 534         * as if we issued that nonce when reporting to the hook.
 535         */
 536
 537        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 538        if (*nonce <= '0' || '9' < *nonce) {
 539                retval = NONCE_BAD;
 540                goto leave;
 541        }
 542        stamp = parse_timestamp(nonce, &bohmac, 10);
 543        if (bohmac == nonce || bohmac[0] != '-') {
 544                retval = NONCE_BAD;
 545                goto leave;
 546        }
 547
 548        expect = prepare_push_cert_nonce(service_dir, stamp);
 549        if (strcmp(expect, nonce)) {
 550                /* Not what we would have signed earlier */
 551                retval = NONCE_BAD;
 552                goto leave;
 553        }
 554
 555        /*
 556         * By how many seconds is this nonce stale?  Negative value
 557         * would mean it was issued by another server with its clock
 558         * skewed in the future.
 559         */
 560        ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
 561        nonce_stamp_slop = (long)ostamp - (long)stamp;
 562
 563        if (nonce_stamp_slop_limit &&
 564            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 565                /*
 566                 * Pretend as if the received nonce (which passes the
 567                 * HMAC check, so it is not a forged by third-party)
 568                 * is what we issued.
 569                 */
 570                free((void *)push_cert_nonce);
 571                push_cert_nonce = xstrdup(nonce);
 572                retval = NONCE_OK;
 573        } else {
 574                retval = NONCE_SLOP;
 575        }
 576
 577leave:
 578        free(nonce);
 579        free(expect);
 580        return retval;
 581}
 582
 583/*
 584 * Return 1 if there is no push_cert or if the push options in push_cert are
 585 * the same as those in the argument; 0 otherwise.
 586 */
 587static int check_cert_push_options(const struct string_list *push_options)
 588{
 589        const char *buf = push_cert.buf;
 590        int len = push_cert.len;
 591
 592        char *option;
 593        const char *next_line;
 594        int options_seen = 0;
 595
 596        int retval = 1;
 597
 598        if (!len)
 599                return 1;
 600
 601        while ((option = find_header(buf, len, "push-option", &next_line))) {
 602                len -= (next_line - buf);
 603                buf = next_line;
 604                options_seen++;
 605                if (options_seen > push_options->nr
 606                    || strcmp(option,
 607                              push_options->items[options_seen - 1].string)) {
 608                        retval = 0;
 609                        goto leave;
 610                }
 611                free(option);
 612        }
 613
 614        if (options_seen != push_options->nr)
 615                retval = 0;
 616
 617leave:
 618        free(option);
 619        return retval;
 620}
 621
 622static void prepare_push_cert_sha1(struct child_process *proc)
 623{
 624        static int already_done;
 625
 626        if (!push_cert.len)
 627                return;
 628
 629        if (!already_done) {
 630                struct strbuf gpg_output = STRBUF_INIT;
 631                struct strbuf gpg_status = STRBUF_INIT;
 632                int bogs /* beginning_of_gpg_sig */;
 633
 634                already_done = 1;
 635                if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
 636                        hashclr(push_cert_sha1);
 637
 638                memset(&sigcheck, '\0', sizeof(sigcheck));
 639                sigcheck.result = 'N';
 640
 641                bogs = parse_signature(push_cert.buf, push_cert.len);
 642                if (verify_signed_buffer(push_cert.buf, bogs,
 643                                         push_cert.buf + bogs, push_cert.len - bogs,
 644                                         &gpg_output, &gpg_status) < 0) {
 645                        ; /* error running gpg */
 646                } else {
 647                        sigcheck.payload = push_cert.buf;
 648                        sigcheck.gpg_output = gpg_output.buf;
 649                        sigcheck.gpg_status = gpg_status.buf;
 650                        parse_gpg_output(&sigcheck);
 651                }
 652
 653                strbuf_release(&gpg_output);
 654                strbuf_release(&gpg_status);
 655                nonce_status = check_nonce(push_cert.buf, bogs);
 656        }
 657        if (!is_null_sha1(push_cert_sha1)) {
 658                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 659                                 sha1_to_hex(push_cert_sha1));
 660                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 661                                 sigcheck.signer ? sigcheck.signer : "");
 662                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 663                                 sigcheck.key ? sigcheck.key : "");
 664                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 665                                 sigcheck.result);
 666                if (push_cert_nonce) {
 667                        argv_array_pushf(&proc->env_array,
 668                                         "GIT_PUSH_CERT_NONCE=%s",
 669                                         push_cert_nonce);
 670                        argv_array_pushf(&proc->env_array,
 671                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 672                                         nonce_status);
 673                        if (nonce_status == NONCE_SLOP)
 674                                argv_array_pushf(&proc->env_array,
 675                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 676                                                 nonce_stamp_slop);
 677                }
 678        }
 679}
 680
 681struct receive_hook_feed_state {
 682        struct command *cmd;
 683        int skip_broken;
 684        struct strbuf buf;
 685        const struct string_list *push_options;
 686};
 687
 688typedef int (*feed_fn)(void *, const char **, size_t *);
 689static int run_and_feed_hook(const char *hook_name, feed_fn feed,
 690                             struct receive_hook_feed_state *feed_state)
 691{
 692        struct child_process proc = CHILD_PROCESS_INIT;
 693        struct async muxer;
 694        const char *argv[2];
 695        int code;
 696
 697        argv[0] = find_hook(hook_name);
 698        if (!argv[0])
 699                return 0;
 700
 701        argv[1] = NULL;
 702
 703        proc.argv = argv;
 704        proc.in = -1;
 705        proc.stdout_to_stderr = 1;
 706        if (feed_state->push_options) {
 707                int i;
 708                for (i = 0; i < feed_state->push_options->nr; i++)
 709                        argv_array_pushf(&proc.env_array,
 710                                "GIT_PUSH_OPTION_%d=%s", i,
 711                                feed_state->push_options->items[i].string);
 712                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
 713                                 feed_state->push_options->nr);
 714        } else
 715                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
 716
 717        if (tmp_objdir)
 718                argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
 719
 720        if (use_sideband) {
 721                memset(&muxer, 0, sizeof(muxer));
 722                muxer.proc = copy_to_sideband;
 723                muxer.in = -1;
 724                code = start_async(&muxer);
 725                if (code)
 726                        return code;
 727                proc.err = muxer.in;
 728        }
 729
 730        prepare_push_cert_sha1(&proc);
 731
 732        code = start_command(&proc);
 733        if (code) {
 734                if (use_sideband)
 735                        finish_async(&muxer);
 736                return code;
 737        }
 738
 739        sigchain_push(SIGPIPE, SIG_IGN);
 740
 741        while (1) {
 742                const char *buf;
 743                size_t n;
 744                if (feed(feed_state, &buf, &n))
 745                        break;
 746                if (write_in_full(proc.in, buf, n) != n)
 747                        break;
 748        }
 749        close(proc.in);
 750        if (use_sideband)
 751                finish_async(&muxer);
 752
 753        sigchain_pop(SIGPIPE);
 754
 755        return finish_command(&proc);
 756}
 757
 758static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 759{
 760        struct receive_hook_feed_state *state = state_;
 761        struct command *cmd = state->cmd;
 762
 763        while (cmd &&
 764               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 765                cmd = cmd->next;
 766        if (!cmd)
 767                return -1; /* EOF */
 768        strbuf_reset(&state->buf);
 769        strbuf_addf(&state->buf, "%s %s %s\n",
 770                    oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
 771                    cmd->ref_name);
 772        state->cmd = cmd->next;
 773        if (bufp) {
 774                *bufp = state->buf.buf;
 775                *sizep = state->buf.len;
 776        }
 777        return 0;
 778}
 779
 780static int run_receive_hook(struct command *commands,
 781                            const char *hook_name,
 782                            int skip_broken,
 783                            const struct string_list *push_options)
 784{
 785        struct receive_hook_feed_state state;
 786        int status;
 787
 788        strbuf_init(&state.buf, 0);
 789        state.cmd = commands;
 790        state.skip_broken = skip_broken;
 791        if (feed_receive_hook(&state, NULL, NULL))
 792                return 0;
 793        state.cmd = commands;
 794        state.push_options = push_options;
 795        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 796        strbuf_release(&state.buf);
 797        return status;
 798}
 799
 800static int run_update_hook(struct command *cmd)
 801{
 802        const char *argv[5];
 803        struct child_process proc = CHILD_PROCESS_INIT;
 804        int code;
 805
 806        argv[0] = find_hook("update");
 807        if (!argv[0])
 808                return 0;
 809
 810        argv[1] = cmd->ref_name;
 811        argv[2] = oid_to_hex(&cmd->old_oid);
 812        argv[3] = oid_to_hex(&cmd->new_oid);
 813        argv[4] = NULL;
 814
 815        proc.no_stdin = 1;
 816        proc.stdout_to_stderr = 1;
 817        proc.err = use_sideband ? -1 : 0;
 818        proc.argv = argv;
 819
 820        code = start_command(&proc);
 821        if (code)
 822                return code;
 823        if (use_sideband)
 824                copy_to_sideband(proc.err, -1, NULL);
 825        return finish_command(&proc);
 826}
 827
 828static int is_ref_checked_out(const char *ref)
 829{
 830        if (is_bare_repository())
 831                return 0;
 832
 833        if (!head_name)
 834                return 0;
 835        return !strcmp(head_name, ref);
 836}
 837
 838static char *refuse_unconfigured_deny_msg =
 839        N_("By default, updating the current branch in a non-bare repository\n"
 840           "is denied, because it will make the index and work tree inconsistent\n"
 841           "with what you pushed, and will require 'git reset --hard' to match\n"
 842           "the work tree to HEAD.\n"
 843           "\n"
 844           "You can set the 'receive.denyCurrentBranch' configuration variable\n"
 845           "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
 846           "its current branch; however, this is not recommended unless you\n"
 847           "arranged to update its work tree to match what you pushed in some\n"
 848           "other way.\n"
 849           "\n"
 850           "To squelch this message and still keep the default behaviour, set\n"
 851           "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
 852
 853static void refuse_unconfigured_deny(void)
 854{
 855        rp_error("%s", _(refuse_unconfigured_deny_msg));
 856}
 857
 858static char *refuse_unconfigured_deny_delete_current_msg =
 859        N_("By default, deleting the current branch is denied, because the next\n"
 860           "'git clone' won't result in any file checked out, causing confusion.\n"
 861           "\n"
 862           "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
 863           "'warn' or 'ignore' in the remote repository to allow deleting the\n"
 864           "current branch, with or without a warning message.\n"
 865           "\n"
 866           "To squelch this message, you can set it to 'refuse'.");
 867
 868static void refuse_unconfigured_deny_delete_current(void)
 869{
 870        rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
 871}
 872
 873static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
 874static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 875{
 876        static struct lock_file shallow_lock;
 877        struct oid_array extra = OID_ARRAY_INIT;
 878        struct check_connected_options opt = CHECK_CONNECTED_INIT;
 879        uint32_t mask = 1 << (cmd->index % 32);
 880        int i;
 881
 882        trace_printf_key(&trace_shallow,
 883                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 884        for (i = 0; i < si->shallow->nr; i++)
 885                if (si->used_shallow[i] &&
 886                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 887                    !delayed_reachability_test(si, i))
 888                        oid_array_append(&extra, &si->shallow->oid[i]);
 889
 890        opt.env = tmp_objdir_env(tmp_objdir);
 891        setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
 892        if (check_connected(command_singleton_iterator, cmd, &opt)) {
 893                rollback_lock_file(&shallow_lock);
 894                oid_array_clear(&extra);
 895                return -1;
 896        }
 897
 898        commit_lock_file(&shallow_lock);
 899
 900        /*
 901         * Make sure setup_alternate_shallow() for the next ref does
 902         * not lose these new roots..
 903         */
 904        for (i = 0; i < extra.nr; i++)
 905                register_shallow(&extra.oid[i]);
 906
 907        si->shallow_ref[cmd->index] = 0;
 908        oid_array_clear(&extra);
 909        return 0;
 910}
 911
 912/*
 913 * NEEDSWORK: we should consolidate various implementions of "are we
 914 * on an unborn branch?" test into one, and make the unified one more
 915 * robust. !get_sha1() based check used here and elsewhere would not
 916 * allow us to tell an unborn branch from corrupt ref, for example.
 917 * For the purpose of fixing "deploy-to-update does not work when
 918 * pushing into an empty repository" issue, this should suffice for
 919 * now.
 920 */
 921static int head_has_history(void)
 922{
 923        struct object_id oid;
 924
 925        return !get_oid("HEAD", &oid);
 926}
 927
 928static const char *push_to_deploy(unsigned char *sha1,
 929                                  struct argv_array *env,
 930                                  const char *work_tree)
 931{
 932        const char *update_refresh[] = {
 933                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 934        };
 935        const char *diff_files[] = {
 936                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 937        };
 938        const char *diff_index[] = {
 939                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 940                NULL, "--", NULL
 941        };
 942        const char *read_tree[] = {
 943                "read-tree", "-u", "-m", NULL, NULL
 944        };
 945        struct child_process child = CHILD_PROCESS_INIT;
 946
 947        child.argv = update_refresh;
 948        child.env = env->argv;
 949        child.dir = work_tree;
 950        child.no_stdin = 1;
 951        child.stdout_to_stderr = 1;
 952        child.git_cmd = 1;
 953        if (run_command(&child))
 954                return "Up-to-date check failed";
 955
 956        /* run_command() does not clean up completely; reinitialize */
 957        child_process_init(&child);
 958        child.argv = diff_files;
 959        child.env = env->argv;
 960        child.dir = work_tree;
 961        child.no_stdin = 1;
 962        child.stdout_to_stderr = 1;
 963        child.git_cmd = 1;
 964        if (run_command(&child))
 965                return "Working directory has unstaged changes";
 966
 967        /* diff-index with either HEAD or an empty tree */
 968        diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
 969
 970        child_process_init(&child);
 971        child.argv = diff_index;
 972        child.env = env->argv;
 973        child.no_stdin = 1;
 974        child.no_stdout = 1;
 975        child.stdout_to_stderr = 0;
 976        child.git_cmd = 1;
 977        if (run_command(&child))
 978                return "Working directory has staged changes";
 979
 980        read_tree[3] = sha1_to_hex(sha1);
 981        child_process_init(&child);
 982        child.argv = read_tree;
 983        child.env = env->argv;
 984        child.dir = work_tree;
 985        child.no_stdin = 1;
 986        child.no_stdout = 1;
 987        child.stdout_to_stderr = 0;
 988        child.git_cmd = 1;
 989        if (run_command(&child))
 990                return "Could not update working tree to new HEAD";
 991
 992        return NULL;
 993}
 994
 995static const char *push_to_checkout_hook = "push-to-checkout";
 996
 997static const char *push_to_checkout(unsigned char *sha1,
 998                                    struct argv_array *env,
 999                                    const char *work_tree)
1000{
1001        argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1002        if (run_hook_le(env->argv, push_to_checkout_hook,
1003                        sha1_to_hex(sha1), NULL))
1004                return "push-to-checkout hook declined";
1005        else
1006                return NULL;
1007}
1008
1009static const char *update_worktree(unsigned char *sha1)
1010{
1011        const char *retval;
1012        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1013        struct argv_array env = ARGV_ARRAY_INIT;
1014
1015        if (is_bare_repository())
1016                return "denyCurrentBranch = updateInstead needs a worktree";
1017
1018        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1019
1020        if (!find_hook(push_to_checkout_hook))
1021                retval = push_to_deploy(sha1, &env, work_tree);
1022        else
1023                retval = push_to_checkout(sha1, &env, work_tree);
1024
1025        argv_array_clear(&env);
1026        return retval;
1027}
1028
1029static const char *update(struct command *cmd, struct shallow_info *si)
1030{
1031        const char *name = cmd->ref_name;
1032        struct strbuf namespaced_name_buf = STRBUF_INIT;
1033        static char *namespaced_name;
1034        const char *ret;
1035        struct object_id *old_oid = &cmd->old_oid;
1036        struct object_id *new_oid = &cmd->new_oid;
1037
1038        /* only refs/... are allowed */
1039        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1040                rp_error("refusing to create funny ref '%s' remotely", name);
1041                return "funny refname";
1042        }
1043
1044        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1045        free(namespaced_name);
1046        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1047
1048        if (is_ref_checked_out(namespaced_name)) {
1049                switch (deny_current_branch) {
1050                case DENY_IGNORE:
1051                        break;
1052                case DENY_WARN:
1053                        rp_warning("updating the current branch");
1054                        break;
1055                case DENY_REFUSE:
1056                case DENY_UNCONFIGURED:
1057                        rp_error("refusing to update checked out branch: %s", name);
1058                        if (deny_current_branch == DENY_UNCONFIGURED)
1059                                refuse_unconfigured_deny();
1060                        return "branch is currently checked out";
1061                case DENY_UPDATE_INSTEAD:
1062                        ret = update_worktree(new_oid->hash);
1063                        if (ret)
1064                                return ret;
1065                        break;
1066                }
1067        }
1068
1069        if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1070                error("unpack should have generated %s, "
1071                      "but I can't find it!", oid_to_hex(new_oid));
1072                return "bad pack";
1073        }
1074
1075        if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1076                if (deny_deletes && starts_with(name, "refs/heads/")) {
1077                        rp_error("denying ref deletion for %s", name);
1078                        return "deletion prohibited";
1079                }
1080
1081                if (head_name && !strcmp(namespaced_name, head_name)) {
1082                        switch (deny_delete_current) {
1083                        case DENY_IGNORE:
1084                                break;
1085                        case DENY_WARN:
1086                                rp_warning("deleting the current branch");
1087                                break;
1088                        case DENY_REFUSE:
1089                        case DENY_UNCONFIGURED:
1090                        case DENY_UPDATE_INSTEAD:
1091                                if (deny_delete_current == DENY_UNCONFIGURED)
1092                                        refuse_unconfigured_deny_delete_current();
1093                                rp_error("refusing to delete the current branch: %s", name);
1094                                return "deletion of the current branch prohibited";
1095                        default:
1096                                return "Invalid denyDeleteCurrent setting";
1097                        }
1098                }
1099        }
1100
1101        if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1102            !is_null_oid(old_oid) &&
1103            starts_with(name, "refs/heads/")) {
1104                struct object *old_object, *new_object;
1105                struct commit *old_commit, *new_commit;
1106
1107                old_object = parse_object(old_oid);
1108                new_object = parse_object(new_oid);
1109
1110                if (!old_object || !new_object ||
1111                    old_object->type != OBJ_COMMIT ||
1112                    new_object->type != OBJ_COMMIT) {
1113                        error("bad sha1 objects for %s", name);
1114                        return "bad ref";
1115                }
1116                old_commit = (struct commit *)old_object;
1117                new_commit = (struct commit *)new_object;
1118                if (!in_merge_bases(old_commit, new_commit)) {
1119                        rp_error("denying non-fast-forward %s"
1120                                 " (you should pull first)", name);
1121                        return "non-fast-forward";
1122                }
1123        }
1124        if (run_update_hook(cmd)) {
1125                rp_error("hook declined to update %s", name);
1126                return "hook declined";
1127        }
1128
1129        if (is_null_oid(new_oid)) {
1130                struct strbuf err = STRBUF_INIT;
1131                if (!parse_object(old_oid)) {
1132                        old_oid = NULL;
1133                        if (ref_exists(name)) {
1134                                rp_warning("Allowing deletion of corrupt ref.");
1135                        } else {
1136                                rp_warning("Deleting a non-existent ref.");
1137                                cmd->did_not_exist = 1;
1138                        }
1139                }
1140                if (ref_transaction_delete(transaction,
1141                                           namespaced_name,
1142                                           old_oid ? old_oid->hash : NULL,
1143                                           0, "push", &err)) {
1144                        rp_error("%s", err.buf);
1145                        strbuf_release(&err);
1146                        return "failed to delete";
1147                }
1148                strbuf_release(&err);
1149                return NULL; /* good */
1150        }
1151        else {
1152                struct strbuf err = STRBUF_INIT;
1153                if (shallow_update && si->shallow_ref[cmd->index] &&
1154                    update_shallow_ref(cmd, si))
1155                        return "shallow error";
1156
1157                if (ref_transaction_update(transaction,
1158                                           namespaced_name,
1159                                           new_oid->hash, old_oid->hash,
1160                                           0, "push",
1161                                           &err)) {
1162                        rp_error("%s", err.buf);
1163                        strbuf_release(&err);
1164
1165                        return "failed to update ref";
1166                }
1167                strbuf_release(&err);
1168
1169                return NULL; /* good */
1170        }
1171}
1172
1173static void run_update_post_hook(struct command *commands)
1174{
1175        struct command *cmd;
1176        struct child_process proc = CHILD_PROCESS_INIT;
1177        const char *hook;
1178
1179        hook = find_hook("post-update");
1180        if (!hook)
1181                return;
1182
1183        for (cmd = commands; cmd; cmd = cmd->next) {
1184                if (cmd->error_string || cmd->did_not_exist)
1185                        continue;
1186                if (!proc.args.argc)
1187                        argv_array_push(&proc.args, hook);
1188                argv_array_push(&proc.args, cmd->ref_name);
1189        }
1190        if (!proc.args.argc)
1191                return;
1192
1193        proc.no_stdin = 1;
1194        proc.stdout_to_stderr = 1;
1195        proc.err = use_sideband ? -1 : 0;
1196
1197        if (!start_command(&proc)) {
1198                if (use_sideband)
1199                        copy_to_sideband(proc.err, -1, NULL);
1200                finish_command(&proc);
1201        }
1202}
1203
1204static void check_aliased_update(struct command *cmd, struct string_list *list)
1205{
1206        struct strbuf buf = STRBUF_INIT;
1207        const char *dst_name;
1208        struct string_list_item *item;
1209        struct command *dst_cmd;
1210        unsigned char sha1[GIT_MAX_RAWSZ];
1211        int flag;
1212
1213        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1214        dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1215        strbuf_release(&buf);
1216
1217        if (!(flag & REF_ISSYMREF))
1218                return;
1219
1220        if (!dst_name) {
1221                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1222                cmd->skip_update = 1;
1223                cmd->error_string = "broken symref";
1224                return;
1225        }
1226        dst_name = strip_namespace(dst_name);
1227
1228        if ((item = string_list_lookup(list, dst_name)) == NULL)
1229                return;
1230
1231        cmd->skip_update = 1;
1232
1233        dst_cmd = (struct command *) item->util;
1234
1235        if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1236            !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1237                return;
1238
1239        dst_cmd->skip_update = 1;
1240
1241        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1242                 " its target '%s' (%s..%s)",
1243                 cmd->ref_name,
1244                 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1245                 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1246                 dst_cmd->ref_name,
1247                 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1248                 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1249
1250        cmd->error_string = dst_cmd->error_string =
1251                "inconsistent aliased update";
1252}
1253
1254static void check_aliased_updates(struct command *commands)
1255{
1256        struct command *cmd;
1257        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1258
1259        for (cmd = commands; cmd; cmd = cmd->next) {
1260                struct string_list_item *item =
1261                        string_list_append(&ref_list, cmd->ref_name);
1262                item->util = (void *)cmd;
1263        }
1264        string_list_sort(&ref_list);
1265
1266        for (cmd = commands; cmd; cmd = cmd->next) {
1267                if (!cmd->error_string)
1268                        check_aliased_update(cmd, &ref_list);
1269        }
1270
1271        string_list_clear(&ref_list, 0);
1272}
1273
1274static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1275{
1276        struct command **cmd_list = cb_data;
1277        struct command *cmd = *cmd_list;
1278
1279        if (!cmd || is_null_oid(&cmd->new_oid))
1280                return -1; /* end of list */
1281        *cmd_list = NULL; /* this returns only one */
1282        hashcpy(sha1, cmd->new_oid.hash);
1283        return 0;
1284}
1285
1286static void set_connectivity_errors(struct command *commands,
1287                                    struct shallow_info *si)
1288{
1289        struct command *cmd;
1290
1291        for (cmd = commands; cmd; cmd = cmd->next) {
1292                struct command *singleton = cmd;
1293                struct check_connected_options opt = CHECK_CONNECTED_INIT;
1294
1295                if (shallow_update && si->shallow_ref[cmd->index])
1296                        /* to be checked in update_shallow_ref() */
1297                        continue;
1298
1299                opt.env = tmp_objdir_env(tmp_objdir);
1300                if (!check_connected(command_singleton_iterator, &singleton,
1301                                     &opt))
1302                        continue;
1303
1304                cmd->error_string = "missing necessary objects";
1305        }
1306}
1307
1308struct iterate_data {
1309        struct command *cmds;
1310        struct shallow_info *si;
1311};
1312
1313static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1314{
1315        struct iterate_data *data = cb_data;
1316        struct command **cmd_list = &data->cmds;
1317        struct command *cmd = *cmd_list;
1318
1319        for (; cmd; cmd = cmd->next) {
1320                if (shallow_update && data->si->shallow_ref[cmd->index])
1321                        /* to be checked in update_shallow_ref() */
1322                        continue;
1323                if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1324                        hashcpy(sha1, cmd->new_oid.hash);
1325                        *cmd_list = cmd->next;
1326                        return 0;
1327                }
1328        }
1329        *cmd_list = NULL;
1330        return -1; /* end of list */
1331}
1332
1333static void reject_updates_to_hidden(struct command *commands)
1334{
1335        struct strbuf refname_full = STRBUF_INIT;
1336        size_t prefix_len;
1337        struct command *cmd;
1338
1339        strbuf_addstr(&refname_full, get_git_namespace());
1340        prefix_len = refname_full.len;
1341
1342        for (cmd = commands; cmd; cmd = cmd->next) {
1343                if (cmd->error_string)
1344                        continue;
1345
1346                strbuf_setlen(&refname_full, prefix_len);
1347                strbuf_addstr(&refname_full, cmd->ref_name);
1348
1349                if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1350                        continue;
1351                if (is_null_oid(&cmd->new_oid))
1352                        cmd->error_string = "deny deleting a hidden ref";
1353                else
1354                        cmd->error_string = "deny updating a hidden ref";
1355        }
1356
1357        strbuf_release(&refname_full);
1358}
1359
1360static int should_process_cmd(struct command *cmd)
1361{
1362        return !cmd->error_string && !cmd->skip_update;
1363}
1364
1365static void warn_if_skipped_connectivity_check(struct command *commands,
1366                                               struct shallow_info *si)
1367{
1368        struct command *cmd;
1369        int checked_connectivity = 1;
1370
1371        for (cmd = commands; cmd; cmd = cmd->next) {
1372                if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1373                        error("BUG: connectivity check has not been run on ref %s",
1374                              cmd->ref_name);
1375                        checked_connectivity = 0;
1376                }
1377        }
1378        if (!checked_connectivity)
1379                die("BUG: connectivity check skipped???");
1380}
1381
1382static void execute_commands_non_atomic(struct command *commands,
1383                                        struct shallow_info *si)
1384{
1385        struct command *cmd;
1386        struct strbuf err = STRBUF_INIT;
1387
1388        for (cmd = commands; cmd; cmd = cmd->next) {
1389                if (!should_process_cmd(cmd))
1390                        continue;
1391
1392                transaction = ref_transaction_begin(&err);
1393                if (!transaction) {
1394                        rp_error("%s", err.buf);
1395                        strbuf_reset(&err);
1396                        cmd->error_string = "transaction failed to start";
1397                        continue;
1398                }
1399
1400                cmd->error_string = update(cmd, si);
1401
1402                if (!cmd->error_string
1403                    && ref_transaction_commit(transaction, &err)) {
1404                        rp_error("%s", err.buf);
1405                        strbuf_reset(&err);
1406                        cmd->error_string = "failed to update ref";
1407                }
1408                ref_transaction_free(transaction);
1409        }
1410        strbuf_release(&err);
1411}
1412
1413static void execute_commands_atomic(struct command *commands,
1414                                        struct shallow_info *si)
1415{
1416        struct command *cmd;
1417        struct strbuf err = STRBUF_INIT;
1418        const char *reported_error = "atomic push failure";
1419
1420        transaction = ref_transaction_begin(&err);
1421        if (!transaction) {
1422                rp_error("%s", err.buf);
1423                strbuf_reset(&err);
1424                reported_error = "transaction failed to start";
1425                goto failure;
1426        }
1427
1428        for (cmd = commands; cmd; cmd = cmd->next) {
1429                if (!should_process_cmd(cmd))
1430                        continue;
1431
1432                cmd->error_string = update(cmd, si);
1433
1434                if (cmd->error_string)
1435                        goto failure;
1436        }
1437
1438        if (ref_transaction_commit(transaction, &err)) {
1439                rp_error("%s", err.buf);
1440                reported_error = "atomic transaction failed";
1441                goto failure;
1442        }
1443        goto cleanup;
1444
1445failure:
1446        for (cmd = commands; cmd; cmd = cmd->next)
1447                if (!cmd->error_string)
1448                        cmd->error_string = reported_error;
1449
1450cleanup:
1451        ref_transaction_free(transaction);
1452        strbuf_release(&err);
1453}
1454
1455static void execute_commands(struct command *commands,
1456                             const char *unpacker_error,
1457                             struct shallow_info *si,
1458                             const struct string_list *push_options)
1459{
1460        struct check_connected_options opt = CHECK_CONNECTED_INIT;
1461        struct command *cmd;
1462        struct object_id oid;
1463        struct iterate_data data;
1464        struct async muxer;
1465        int err_fd = 0;
1466
1467        if (unpacker_error) {
1468                for (cmd = commands; cmd; cmd = cmd->next)
1469                        cmd->error_string = "unpacker error";
1470                return;
1471        }
1472
1473        if (use_sideband) {
1474                memset(&muxer, 0, sizeof(muxer));
1475                muxer.proc = copy_to_sideband;
1476                muxer.in = -1;
1477                if (!start_async(&muxer))
1478                        err_fd = muxer.in;
1479                /* ...else, continue without relaying sideband */
1480        }
1481
1482        data.cmds = commands;
1483        data.si = si;
1484        opt.err_fd = err_fd;
1485        opt.progress = err_fd && !quiet;
1486        opt.env = tmp_objdir_env(tmp_objdir);
1487        if (check_connected(iterate_receive_command_list, &data, &opt))
1488                set_connectivity_errors(commands, si);
1489
1490        if (use_sideband)
1491                finish_async(&muxer);
1492
1493        reject_updates_to_hidden(commands);
1494
1495        if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1496                for (cmd = commands; cmd; cmd = cmd->next) {
1497                        if (!cmd->error_string)
1498                                cmd->error_string = "pre-receive hook declined";
1499                }
1500                return;
1501        }
1502
1503        /*
1504         * Now we'll start writing out refs, which means the objects need
1505         * to be in their final positions so that other processes can see them.
1506         */
1507        if (tmp_objdir_migrate(tmp_objdir) < 0) {
1508                for (cmd = commands; cmd; cmd = cmd->next) {
1509                        if (!cmd->error_string)
1510                                cmd->error_string = "unable to migrate objects to permanent storage";
1511                }
1512                return;
1513        }
1514        tmp_objdir = NULL;
1515
1516        check_aliased_updates(commands);
1517
1518        free(head_name_to_free);
1519        head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1520
1521        if (use_atomic)
1522                execute_commands_atomic(commands, si);
1523        else
1524                execute_commands_non_atomic(commands, si);
1525
1526        if (shallow_update)
1527                warn_if_skipped_connectivity_check(commands, si);
1528}
1529
1530static struct command **queue_command(struct command **tail,
1531                                      const char *line,
1532                                      int linelen)
1533{
1534        struct object_id old_oid, new_oid;
1535        struct command *cmd;
1536        const char *refname;
1537        int reflen;
1538        const char *p;
1539
1540        if (parse_oid_hex(line, &old_oid, &p) ||
1541            *p++ != ' ' ||
1542            parse_oid_hex(p, &new_oid, &p) ||
1543            *p++ != ' ')
1544                die("protocol error: expected old/new/ref, got '%s'", line);
1545
1546        refname = p;
1547        reflen = linelen - (p - line);
1548        FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1549        oidcpy(&cmd->old_oid, &old_oid);
1550        oidcpy(&cmd->new_oid, &new_oid);
1551        *tail = cmd;
1552        return &cmd->next;
1553}
1554
1555static void queue_commands_from_cert(struct command **tail,
1556                                     struct strbuf *push_cert)
1557{
1558        const char *boc, *eoc;
1559
1560        if (*tail)
1561                die("protocol error: got both push certificate and unsigned commands");
1562
1563        boc = strstr(push_cert->buf, "\n\n");
1564        if (!boc)
1565                die("malformed push certificate %.*s", 100, push_cert->buf);
1566        else
1567                boc += 2;
1568        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1569
1570        while (boc < eoc) {
1571                const char *eol = memchr(boc, '\n', eoc - boc);
1572                tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1573                boc = eol ? eol + 1 : eoc;
1574        }
1575}
1576
1577static struct command *read_head_info(struct oid_array *shallow)
1578{
1579        struct command *commands = NULL;
1580        struct command **p = &commands;
1581        for (;;) {
1582                char *line;
1583                int len, linelen;
1584
1585                line = packet_read_line(0, &len);
1586                if (!line)
1587                        break;
1588
1589                if (len > 8 && starts_with(line, "shallow ")) {
1590                        struct object_id oid;
1591                        if (get_oid_hex(line + 8, &oid))
1592                                die("protocol error: expected shallow sha, got '%s'",
1593                                    line + 8);
1594                        oid_array_append(shallow, &oid);
1595                        continue;
1596                }
1597
1598                linelen = strlen(line);
1599                if (linelen < len) {
1600                        const char *feature_list = line + linelen + 1;
1601                        if (parse_feature_request(feature_list, "report-status"))
1602                                report_status = 1;
1603                        if (parse_feature_request(feature_list, "side-band-64k"))
1604                                use_sideband = LARGE_PACKET_MAX;
1605                        if (parse_feature_request(feature_list, "quiet"))
1606                                quiet = 1;
1607                        if (advertise_atomic_push
1608                            && parse_feature_request(feature_list, "atomic"))
1609                                use_atomic = 1;
1610                        if (advertise_push_options
1611                            && parse_feature_request(feature_list, "push-options"))
1612                                use_push_options = 1;
1613                }
1614
1615                if (!strcmp(line, "push-cert")) {
1616                        int true_flush = 0;
1617                        char certbuf[1024];
1618
1619                        for (;;) {
1620                                len = packet_read(0, NULL, NULL,
1621                                                  certbuf, sizeof(certbuf), 0);
1622                                if (!len) {
1623                                        true_flush = 1;
1624                                        break;
1625                                }
1626                                if (!strcmp(certbuf, "push-cert-end\n"))
1627                                        break; /* end of cert */
1628                                strbuf_addstr(&push_cert, certbuf);
1629                        }
1630
1631                        if (true_flush)
1632                                break;
1633                        continue;
1634                }
1635
1636                p = queue_command(p, line, linelen);
1637        }
1638
1639        if (push_cert.len)
1640                queue_commands_from_cert(p, &push_cert);
1641
1642        return commands;
1643}
1644
1645static void read_push_options(struct string_list *options)
1646{
1647        while (1) {
1648                char *line;
1649                int len;
1650
1651                line = packet_read_line(0, &len);
1652
1653                if (!line)
1654                        break;
1655
1656                string_list_append(options, line);
1657        }
1658}
1659
1660static const char *parse_pack_header(struct pack_header *hdr)
1661{
1662        switch (read_pack_header(0, hdr)) {
1663        case PH_ERROR_EOF:
1664                return "eof before pack header was fully read";
1665
1666        case PH_ERROR_PACK_SIGNATURE:
1667                return "protocol error (pack signature mismatch detected)";
1668
1669        case PH_ERROR_PROTOCOL:
1670                return "protocol error (pack version unsupported)";
1671
1672        default:
1673                return "unknown error in parse_pack_header";
1674
1675        case 0:
1676                return NULL;
1677        }
1678}
1679
1680static const char *pack_lockfile;
1681
1682static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1683{
1684        argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1685                        ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1686}
1687
1688static const char *unpack(int err_fd, struct shallow_info *si)
1689{
1690        struct pack_header hdr;
1691        const char *hdr_err;
1692        int status;
1693        struct child_process child = CHILD_PROCESS_INIT;
1694        int fsck_objects = (receive_fsck_objects >= 0
1695                            ? receive_fsck_objects
1696                            : transfer_fsck_objects >= 0
1697                            ? transfer_fsck_objects
1698                            : 0);
1699
1700        hdr_err = parse_pack_header(&hdr);
1701        if (hdr_err) {
1702                if (err_fd > 0)
1703                        close(err_fd);
1704                return hdr_err;
1705        }
1706
1707        if (si->nr_ours || si->nr_theirs) {
1708                alt_shallow_file = setup_temporary_shallow(si->shallow);
1709                argv_array_push(&child.args, "--shallow-file");
1710                argv_array_push(&child.args, alt_shallow_file);
1711        }
1712
1713        tmp_objdir = tmp_objdir_create();
1714        if (!tmp_objdir) {
1715                if (err_fd > 0)
1716                        close(err_fd);
1717                return "unable to create temporary object directory";
1718        }
1719        child.env = tmp_objdir_env(tmp_objdir);
1720
1721        /*
1722         * Normally we just pass the tmp_objdir environment to the child
1723         * processes that do the heavy lifting, but we may need to see these
1724         * objects ourselves to set up shallow information.
1725         */
1726        tmp_objdir_add_as_alternate(tmp_objdir);
1727
1728        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1729                argv_array_push(&child.args, "unpack-objects");
1730                push_header_arg(&child.args, &hdr);
1731                if (quiet)
1732                        argv_array_push(&child.args, "-q");
1733                if (fsck_objects)
1734                        argv_array_pushf(&child.args, "--strict%s",
1735                                fsck_msg_types.buf);
1736                if (max_input_size)
1737                        argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1738                                (uintmax_t)max_input_size);
1739                child.no_stdout = 1;
1740                child.err = err_fd;
1741                child.git_cmd = 1;
1742                status = run_command(&child);
1743                if (status)
1744                        return "unpack-objects abnormal exit";
1745        } else {
1746                char hostname[HOST_NAME_MAX + 1];
1747
1748                argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1749                push_header_arg(&child.args, &hdr);
1750
1751                if (xgethostname(hostname, sizeof(hostname)))
1752                        xsnprintf(hostname, sizeof(hostname), "localhost");
1753                argv_array_pushf(&child.args,
1754                                 "--keep=receive-pack %"PRIuMAX" on %s",
1755                                 (uintmax_t)getpid(),
1756                                 hostname);
1757
1758                if (!quiet && err_fd)
1759                        argv_array_push(&child.args, "--show-resolving-progress");
1760                if (use_sideband)
1761                        argv_array_push(&child.args, "--report-end-of-input");
1762                if (fsck_objects)
1763                        argv_array_pushf(&child.args, "--strict%s",
1764                                fsck_msg_types.buf);
1765                if (!reject_thin)
1766                        argv_array_push(&child.args, "--fix-thin");
1767                if (max_input_size)
1768                        argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1769                                (uintmax_t)max_input_size);
1770                child.out = -1;
1771                child.err = err_fd;
1772                child.git_cmd = 1;
1773                status = start_command(&child);
1774                if (status)
1775                        return "index-pack fork failed";
1776                pack_lockfile = index_pack_lockfile(child.out);
1777                close(child.out);
1778                status = finish_command(&child);
1779                if (status)
1780                        return "index-pack abnormal exit";
1781                reprepare_packed_git();
1782        }
1783        return NULL;
1784}
1785
1786static const char *unpack_with_sideband(struct shallow_info *si)
1787{
1788        struct async muxer;
1789        const char *ret;
1790
1791        if (!use_sideband)
1792                return unpack(0, si);
1793
1794        use_keepalive = KEEPALIVE_AFTER_NUL;
1795        memset(&muxer, 0, sizeof(muxer));
1796        muxer.proc = copy_to_sideband;
1797        muxer.in = -1;
1798        if (start_async(&muxer))
1799                return NULL;
1800
1801        ret = unpack(muxer.in, si);
1802
1803        finish_async(&muxer);
1804        return ret;
1805}
1806
1807static void prepare_shallow_update(struct command *commands,
1808                                   struct shallow_info *si)
1809{
1810        int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1811
1812        ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1813        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1814
1815        si->need_reachability_test =
1816                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1817        si->reachable =
1818                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1819        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1820
1821        for (i = 0; i < si->nr_ours; i++)
1822                si->need_reachability_test[si->ours[i]] = 1;
1823
1824        for (i = 0; i < si->shallow->nr; i++) {
1825                if (!si->used_shallow[i])
1826                        continue;
1827                for (j = 0; j < bitmap_size; j++) {
1828                        if (!si->used_shallow[i][j])
1829                                continue;
1830                        si->need_reachability_test[i]++;
1831                        for (k = 0; k < 32; k++)
1832                                if (si->used_shallow[i][j] & (1U << k))
1833                                        si->shallow_ref[j * 32 + k]++;
1834                }
1835
1836                /*
1837                 * true for those associated with some refs and belong
1838                 * in "ours" list aka "step 7 not done yet"
1839                 */
1840                si->need_reachability_test[i] =
1841                        si->need_reachability_test[i] > 1;
1842        }
1843
1844        /*
1845         * keep hooks happy by forcing a temporary shallow file via
1846         * env variable because we can't add --shallow-file to every
1847         * command. check_everything_connected() will be done with
1848         * true .git/shallow though.
1849         */
1850        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1851}
1852
1853static void update_shallow_info(struct command *commands,
1854                                struct shallow_info *si,
1855                                struct oid_array *ref)
1856{
1857        struct command *cmd;
1858        int *ref_status;
1859        remove_nonexistent_theirs_shallow(si);
1860        if (!si->nr_ours && !si->nr_theirs) {
1861                shallow_update = 0;
1862                return;
1863        }
1864
1865        for (cmd = commands; cmd; cmd = cmd->next) {
1866                if (is_null_oid(&cmd->new_oid))
1867                        continue;
1868                oid_array_append(ref, &cmd->new_oid);
1869                cmd->index = ref->nr - 1;
1870        }
1871        si->ref = ref;
1872
1873        if (shallow_update) {
1874                prepare_shallow_update(commands, si);
1875                return;
1876        }
1877
1878        ALLOC_ARRAY(ref_status, ref->nr);
1879        assign_shallow_commits_to_refs(si, NULL, ref_status);
1880        for (cmd = commands; cmd; cmd = cmd->next) {
1881                if (is_null_oid(&cmd->new_oid))
1882                        continue;
1883                if (ref_status[cmd->index]) {
1884                        cmd->error_string = "shallow update not allowed";
1885                        cmd->skip_update = 1;
1886                }
1887        }
1888        free(ref_status);
1889}
1890
1891static void report(struct command *commands, const char *unpack_status)
1892{
1893        struct command *cmd;
1894        struct strbuf buf = STRBUF_INIT;
1895
1896        packet_buf_write(&buf, "unpack %s\n",
1897                         unpack_status ? unpack_status : "ok");
1898        for (cmd = commands; cmd; cmd = cmd->next) {
1899                if (!cmd->error_string)
1900                        packet_buf_write(&buf, "ok %s\n",
1901                                         cmd->ref_name);
1902                else
1903                        packet_buf_write(&buf, "ng %s %s\n",
1904                                         cmd->ref_name, cmd->error_string);
1905        }
1906        packet_buf_flush(&buf);
1907
1908        if (use_sideband)
1909                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1910        else
1911                write_or_die(1, buf.buf, buf.len);
1912        strbuf_release(&buf);
1913}
1914
1915static int delete_only(struct command *commands)
1916{
1917        struct command *cmd;
1918        for (cmd = commands; cmd; cmd = cmd->next) {
1919                if (!is_null_oid(&cmd->new_oid))
1920                        return 0;
1921        }
1922        return 1;
1923}
1924
1925int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1926{
1927        int advertise_refs = 0;
1928        struct command *commands;
1929        struct oid_array shallow = OID_ARRAY_INIT;
1930        struct oid_array ref = OID_ARRAY_INIT;
1931        struct shallow_info si;
1932
1933        struct option options[] = {
1934                OPT__QUIET(&quiet, N_("quiet")),
1935                OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1936                OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1937                OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1938                OPT_END()
1939        };
1940
1941        packet_trace_identity("receive-pack");
1942
1943        argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1944
1945        if (argc > 1)
1946                usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1947        if (argc == 0)
1948                usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1949
1950        service_dir = argv[0];
1951
1952        setup_path();
1953
1954        if (!enter_repo(service_dir, 0))
1955                die("'%s' does not appear to be a git repository", service_dir);
1956
1957        git_config(receive_pack_config, NULL);
1958        if (cert_nonce_seed)
1959                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1960
1961        if (0 <= transfer_unpack_limit)
1962                unpack_limit = transfer_unpack_limit;
1963        else if (0 <= receive_unpack_limit)
1964                unpack_limit = receive_unpack_limit;
1965
1966        if (advertise_refs || !stateless_rpc) {
1967                write_head_info();
1968        }
1969        if (advertise_refs)
1970                return 0;
1971
1972        if ((commands = read_head_info(&shallow)) != NULL) {
1973                const char *unpack_status = NULL;
1974                struct string_list push_options = STRING_LIST_INIT_DUP;
1975
1976                if (use_push_options)
1977                        read_push_options(&push_options);
1978                if (!check_cert_push_options(&push_options)) {
1979                        struct command *cmd;
1980                        for (cmd = commands; cmd; cmd = cmd->next)
1981                                cmd->error_string = "inconsistent push options";
1982                }
1983
1984                prepare_shallow_info(&si, &shallow);
1985                if (!si.nr_ours && !si.nr_theirs)
1986                        shallow_update = 0;
1987                if (!delete_only(commands)) {
1988                        unpack_status = unpack_with_sideband(&si);
1989                        update_shallow_info(commands, &si, &ref);
1990                }
1991                use_keepalive = KEEPALIVE_ALWAYS;
1992                execute_commands(commands, unpack_status, &si,
1993                                 &push_options);
1994                if (pack_lockfile)
1995                        unlink_or_warn(pack_lockfile);
1996                if (report_status)
1997                        report(commands, unpack_status);
1998                run_receive_hook(commands, "post-receive", 1,
1999                                 &push_options);
2000                run_update_post_hook(commands);
2001                string_list_clear(&push_options, 0);
2002                if (auto_gc) {
2003                        const char *argv_gc_auto[] = {
2004                                "gc", "--auto", "--quiet", NULL,
2005                        };
2006                        struct child_process proc = CHILD_PROCESS_INIT;
2007
2008                        proc.no_stdin = 1;
2009                        proc.stdout_to_stderr = 1;
2010                        proc.err = use_sideband ? -1 : 0;
2011                        proc.git_cmd = 1;
2012                        proc.argv = argv_gc_auto;
2013
2014                        close_all_packs();
2015                        if (!start_command(&proc)) {
2016                                if (use_sideband)
2017                                        copy_to_sideband(proc.err, -1, NULL);
2018                                finish_command(&proc);
2019                        }
2020                }
2021                if (auto_update_server_info)
2022                        update_server_info(0);
2023                clear_shallow_info(&si);
2024        }
2025        if (use_sideband)
2026                packet_flush(1);
2027        oid_array_clear(&shallow);
2028        oid_array_clear(&ref);
2029        free((void *)push_cert_nonce);
2030        return 0;
2031}